From e7fc7b791a776608001a46876af036a9613b842e Mon Sep 17 00:00:00 2001 From: Serhii Ponomarenko <116438358+tiptophelmet@users.noreply.github.com> Date: Fri, 15 Mar 2024 00:18:24 +0200 Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=90=9B=20Fix=20front=20nginx=20and=20?= =?UTF-8?q?network=20policies=20ports=20(#1518)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🐛 Use `8080` listen port for front nginx config * 🐛 Use `8080` ingress port for front/hub network policies --- helm-chart/templates/11-nginx-config-map.yaml | 4 ++-- helm-chart/templates/16-network-policies.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm-chart/templates/11-nginx-config-map.yaml b/helm-chart/templates/11-nginx-config-map.yaml index d9aca1332..22e085059 100644 --- a/helm-chart/templates/11-nginx-config-map.yaml +++ b/helm-chart/templates/11-nginx-config-map.yaml @@ -9,9 +9,9 @@ metadata: data: default.conf: | server { - listen 80; + listen 8080; {{- if .Values.tap.ipv6 }} - listen [::]:80; + listen [::]:8080; {{- end }} access_log /dev/stdout; error_log /dev/stdout; diff --git a/helm-chart/templates/16-network-policies.yaml b/helm-chart/templates/16-network-policies.yaml index 772c7ae7d..1bbf4f26a 100644 --- a/helm-chart/templates/16-network-policies.yaml +++ b/helm-chart/templates/16-network-policies.yaml @@ -13,7 +13,7 @@ spec: ingress: - ports: - protocol: TCP - port: 80 + port: 8080 egress: - {} --- @@ -32,7 +32,7 @@ spec: ingress: - ports: - protocol: TCP - port: 80 + port: 8080 egress: - {} --- From 9162c4fb64330171857ac83ea743bd3ab4aea91b Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Fri, 15 Mar 2024 20:39:39 +0300 Subject: [PATCH 2/3] :bookmark: Bump the Helm chart version to 52.1.75 --- helm-chart/Chart.yaml | 2 +- manifests/complete.yaml | 176 +++++++++++++++++++++++++++------------- 2 files changed, 121 insertions(+), 57 deletions(-) diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index 0486dd476..bb14f6a03 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: kubeshark -version: "52.1.66" +version: "52.1.75" description: The API Traffic Analyzer for Kubernetes home: https://kubeshark.co keywords: diff --git a/manifests/complete.yaml b/manifests/complete.yaml index 3058b1664..fa8011dd1 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -1,13 +1,75 @@ --- +# Source: kubeshark/templates/16-network-policies.yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: kubeshark-hub-network-policy + namespace: default +spec: + podSelector: + matchLabels: + app.kubeshark.co/app: hub + policyTypes: + - Ingress + - Egress + ingress: + - ports: + - protocol: TCP + port: 8080 + egress: + - {} +--- +# Source: kubeshark/templates/16-network-policies.yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: kubeshark-front-network-policy + namespace: default +spec: + podSelector: + matchLabels: + app.kubeshark.co/app: front + policyTypes: + - Ingress + - Egress + ingress: + - ports: + - protocol: TCP + port: 8080 + egress: + - {} +--- +# Source: kubeshark/templates/16-network-policies.yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: kubeshark-worker-network-policy + namespace: default +spec: + podSelector: + matchLabels: + app.kubeshark.co/app: worker + policyTypes: + - Ingress + - Egress + ingress: + - ports: + - protocol: TCP + port: 30001 + - protocol: TCP + port: 49100 + egress: + - {} +--- # Source: kubeshark/templates/01-service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-service-account @@ -21,10 +83,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm stringData: LICENSE: '' @@ -38,10 +100,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_CRT: | @@ -54,10 +116,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_KEY: | @@ -69,16 +131,16 @@ metadata: name: kubeshark-nginx-config-map namespace: default labels: - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm data: default.conf: | server { - listen 80; - listen [::]:80; + listen 8080; + listen [::]:8080; access_log /dev/stdout; error_log /dev/stdout; @@ -133,10 +195,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm data: POD_REGEX: '.*' @@ -166,10 +228,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-default @@ -194,10 +256,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-binding-default @@ -216,10 +278,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role @@ -245,10 +307,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role-binding @@ -268,10 +330,10 @@ kind: Service metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -280,7 +342,7 @@ spec: ports: - name: kubeshark-hub port: 80 - targetPort: 80 + targetPort: 8080 selector: app.kubeshark.co/app: hub type: ClusterIP @@ -290,10 +352,10 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -302,7 +364,7 @@ spec: ports: - name: kubeshark-front port: 80 - targetPort: 80 + targetPort: 8080 selector: app.kubeshark.co/app: front type: ClusterIP @@ -319,10 +381,10 @@ metadata: spec: selector: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -337,10 +399,10 @@ metadata: labels: app.kubeshark.co/app: worker sidecar.istio.io/inject: "false" - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-daemon-set @@ -349,19 +411,19 @@ spec: selector: matchLabels: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm template: metadata: labels: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: kubeshark @@ -393,7 +455,7 @@ spec: - -procfs - /hostproc - -kernel-module - image: 'docker.io/kubeshark/worker:v52.1.66' + image: 'docker.io/kubeshark/worker:v52.1.75' imagePullPolicy: Always name: sniffer ports: @@ -457,7 +519,7 @@ spec: - ./tracer - -procfs - /hostproc - image: 'docker.io/kubeshark/worker:v52.1.66' + image: 'docker.io/kubeshark/worker:v52.1.75' imagePullPolicy: Always name: tracer env: @@ -532,10 +594,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -545,19 +607,19 @@ spec: selector: matchLabels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm template: metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm spec: dnsPolicy: ClusterFirstWithHostNet @@ -566,6 +628,8 @@ spec: - name: kubeshark-hub command: - ./hub + - -port + - "8080" env: - name: POD_NAME valueFrom: @@ -577,7 +641,7 @@ spec: fieldPath: metadata.namespace - name: KUBESHARK_CLOUD_API_URL value: 'https://api.kubeshark.co' - image: 'docker.io/kubeshark/hub:v52.1.66' + image: 'docker.io/kubeshark/hub:v52.1.75' imagePullPolicy: Always readinessProbe: periodSeconds: 1 @@ -585,14 +649,14 @@ spec: successThreshold: 1 initialDelaySeconds: 3 tcpSocket: - port: 80 + port: 8080 livenessProbe: periodSeconds: 1 failureThreshold: 3 successThreshold: 1 initialDelaySeconds: 3 tcpSocket: - port: 80 + port: 8080 resources: limits: cpu: 750m @@ -625,10 +689,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -638,19 +702,19 @@ spec: selector: matchLabels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm template: metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.1.66 + helm.sh/chart: kubeshark-52.1.75 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.1.66" + app.kubernetes.io/version: "52.1.75" app.kubernetes.io/managed-by: Helm spec: containers: @@ -671,7 +735,7 @@ spec: value: 'false' - name: REACT_APP_RECORDING_DISABLED value: 'false' - image: 'docker.io/kubeshark/front:v52.1.66' + image: 'docker.io/kubeshark/front:v52.1.75' imagePullPolicy: Always name: kubeshark-front livenessProbe: @@ -680,14 +744,14 @@ spec: successThreshold: 1 initialDelaySeconds: 3 tcpSocket: - port: 80 + port: 8080 readinessProbe: periodSeconds: 1 failureThreshold: 3 successThreshold: 1 initialDelaySeconds: 3 tcpSocket: - port: 80 + port: 8080 timeoutSeconds: 1 resources: limits: From f1021f61b6d12d7985dc5f71485db66938fe0e33 Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Fri, 15 Mar 2024 21:16:14 +0300 Subject: [PATCH 3/3] :construction_worker: Change the Homebrew job's name --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c0f580aa9..3d4d2658a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: bodyFile: 'bin/README.md' brew: - name: Build and publish a new release + name: Publish a new Homebrew formulae needs: [release] runs-on: ubuntu-latest steps: